1660602889182 Cd111covstryside3

Secure Access

Nov. 9, 2011
Security Modules Enable Remote Connectivity

By Dan Hebert, PE, Senior Technical Editor

Proprietary access means that a company establishes a secure link between its machines in the field and its home office by using dedicated communications hardware. System integrator Prism Systems uses security modules to establish connections to remote systems, such as a natural gas compressor.

"Over the years we've used a number of methods to support remote sites," explains Keith Jones of Prism. "If the end system is primarily software-based—such as an HMI, web application or database application—then a web-based software solution works well. We use Citrix to establish a remote support session to a PC at the customer's site. This allows us to take control of the PC and work to resolve issues."

But for remote access to a PLC, Jones says that solution doesn't work well. "First, you must have a PC at the remote site connected to both the Internet and to the PLC. This never is recommended because it creates serious security issues. Second, the remote PC must have the development software installed on it, and this is a licensing headache we prefer to avoid."

Instead, Prism uses Siemens industrial security modules for PLC access. "This is a hardware solution that allows us to install a special security module at the customer's location," he explains. "This module has two Ethernet connections—one for the controls network and another for a network with Internet access. We have a second module installed at our office. When we configure the modules, we use a security configuration tool that forms a permanent VPN tunnel between these two devices."

This configuration provides a secure connection from Prism's office to the remote location with a minimum of configuration. "Since this is a hardware device built specifically for secure connections, we can install it with confidence that it will provide a high degree of protection."

Once the VPN connection is established, Prism can connect to PLCs as if they were at the site. "The PLC software is installed on our computers and connects to the remote PLCs over standard Ethernet. Typically, we see no performance issues with the industrial security modules and find that we truly can support the sites without having to travel."

Another advantage to this solution is that Prism can restrict access on both sides to specific devices. "We can configure the modules to pass data between specific MAC addresses to restrict connectivity to only our modules," Jones explains. "The device records all network activity, so the customer has logs of who connected when and for how long."

Sponsored Recommendations

Is the Vision of Fully Cabinet-Free Machinery Finally Becoming a Reality?

Learn more about the innovations in industrial automation that are making cabinet-free machinery a reality.

2024 State of Technology Report: I/O Systems and Power Supplies

2024 State of Technology Report: I/O Systems and Power Supplies In the electrical enclosure, uninterruptible power supplies and I/O are important components. These devices are...

Boost Material Handling Operations with the New Assist Wheel Drive

Transportation and material moving are repeatedly among the most frequent workplace injuries and also a leading cause of days away from work, job transfers, or restrictions. Learn...

EV Battery Pack Manufacturing with AC Servos and Robotics

This white paper from Yaskawa examines the increase in demand for electric vehicle (EV) batteries and explores different steps in their manufacturing process where AC servos and...